Vulnerabilities > Eclipse > Theia > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-34436 | XXE vulnerability in Eclipse Theia 0.1.1/0.2.0 In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. | 9.8 |
| 2021-02-24 | CVE-2020-27224 | Cross-site Scripting vulnerability in Eclipse Theia In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code. | 9.6 |